11.5: Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions
Manage all network devices using multi-factor authentication and encrypted sessions.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Protect |
2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Inputs
Network device inventory
Network device configuration policy
Assumption
The network device configuration policy (Input 2) details the use of multi-factor authentication and use of encrypted sessions
Operations
For each network device, compare its running configuration to the device’s configuration policy for use of multi-factor authentication
For each network device, compare its running configuration to the device’s configuration policy for use of encrypted sessions
Measures
M1 = Count of network devices
M2(i) = (For each network device “i”) 1 if the network device’s running configuration matches the configuration policy for use of multi-factor authentication (Operation 1); 0 otherwise
M3(i) = (For each network device “i”) 1 if the network device’s running configuration matches the configuration policy for use of encrypted sessions (Operation 1); 0 otherwise
Metrics
Multi-Factor Coverage
Metric |
The ratio of network devices properly configured for multi-factor authentication to the total number of network devices.
|
Calculation |
|
Encrypted Session Coverage
Metric |
The ratio of network devices properly configured for use of encrypted sessions to the total number of network devices.
|
Calculation |
|